<?php
  session_start();  
  include_once('db.php');
  
  if ( $_SERVER['REQUEST_METHOD'] === 'POST' )
  {
    // Read the input from stdin     
    //print_r("[".file_get_contents("php://input")."]");
    $username = $_POST['username'];
    $password = $_POST['secpassword'];       
  }
  else
  {
    $username = $_GET['username'];
    $password = md5($_GET['password']);        
  }
  
  $conn = &ADONewConnection($dbType);
  $conn->PConnect($dbServer, $dbUser, $dbPassword, $dbName);
   
  $query = "select id_user, login, name, state, trackid, email, publicpos, lastPosition, privileges, id_country from user where login = ".$conn->qstr($username)." and password = ".$conn->qstr($password);
  //execute query
  //$conn->debug = true;      
  $rs = $conn->Execute($query);
  
  foreach ($rs as $row) {    
    $userid = $row[0];
    $state = $row[3];
    if ( $state == 1){
      $_SESSION['userId'] = $userid;
      $_SESSION['userLogin'] = $row[1];
      $_SESSION['userName'] = $row[2];
      $_SESSION['userTid'] = $row[4];
      $_SESSION['userEmail'] = $row[5];
      $_SESSION['userPublic'] = $row[6];
      $_SESSION['userCurrentPosition'] = $row[7];
      $_SESSION['userPrivileges'] = $row[8];
      $_SESSION['userCountry'] = $row[9];
    }
  }
  
  if ($userid && $state == 1)
  {   
    echo "<script>document.location='main.php';</script>";
    //echo "id:".$userid;
    //exit;  
  } else if ($userid && $state == 0) {
    echo "<script>document.location='index.php?error=Your account is not active yet. Click here to request another activation email.';</script>";
  } else {
    echo "<script>document.location='index.php?error=Invalid username or password';</script>";
    //exit;
  }  
?>
